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(57) Abstract: Managing group membership of receivers-in-broad- 
cast and multicast content distribution systems. The invention 
provides for security in group communications where a single 
source is broadcasting or multicasting to multiple destination 
points on a network such as the Internet using a local agent 
resident on a user system, an authorization token, and a trusted 
group manager (TGM) representing a content distributor. The 
local agent may be tamper resistant code providing support for 
key agreement, decryption, and message authentication functions. 
The authorization token describes which agents are active and 
available to decrypt digital content or a per packet basis. The 
TGM establishes a session key with a group of local agents and 
generates authorization tokens. The local agent adds and removes 
itself from a content distribution session (and associated group) 
based on a series of protocols that do not require a "re-key" for an 
encrypted content stream being broadcast or multicast by a content 
distributor. The protocols include operations for registering with 
a group, joining a group, and leaving a group. 
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METHOD AND APPARATUS FOR SECURELY MANAGING 
MEMBERSHIP IN GROUP COMMUNICATIONS 

BACKGROUND 

1. FIELD 

5 The present invention relates generally to content protection in multicast and 

broadcast communications systems and, more specifically, to providing security for 
digital content communicated to multiple group members. 

2. DESCRIPTION 

Physical objects such as compact disks (CDs) or cassette tapes holding 

10 entertainment content provide some measure of their own security simply by virtue of 
the fact that playback of the content is tied to having the physical object present. If one 
makes a copy (such as by recording music from a CD onto a cassette tape), the quality 
of the content is degraded. If one wants the highest quality content, one must buy or 
otherwise obtain an original product. The content distribution industry made it 

15 convenient for customers or users to have access to content by making it widely 
available at high-traffic consumer locations such as record and video stores, malls, and 
major discount stores. Presently, business to consumer electronic commerce, especially 
in the area of entertainment content, is growing rapidly on the World Wide Web 
(WWW) of the Intemet. The proliferation of connected personal computers (PCs) and 

20 other Intemet access devices, the growing bandwidth of the Intemet, and better 
compression techniques are making it possible for content owners to take advantage of 
the Web as a place to offer digital content for sale and distribution. Many businesses 
are also increasingly using the Intemet as a means to distribute confidential documents, 
images, video presentations, training and other digital content to employees at 

25 geographically dispersed locations. 

Thus, the distribution of digital content over the Intemet is increasing. With the 
increasing use of the Intemet to buy, sell, or send music, video, documents, images, and 
other copyrighted or confidential content in digital form, comes the need to protect that 
content from unauthorized use. 
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One mechanism to distribute digital content is through broadcast or muhicast 
means. In this type of appUcation, a content distributor (e.g., a broadcaster) distributes 
the content to multiple users over a network such as the Internet, In some instances, the 
content may be distributed in a temporal manner, such as the streaming of a movie or a 
5 music concert to a group of viewers, for example. This is one example of a growing 
number of digital content communications applications that require group management 
capabilities. Group management typically includes ensuring that only authorized (e.g., 
paying) users can be a member of a group, excluding past group members from 
viewing current content, and excluding new group members from viewing old content. 

10 The traditional mechanism for providing group management features is to encrypt the 
data stream carrying the content and to perform a "re-key" when the group membership 
changes (e.g., when users join or leave the group). This involves distributing a new 
secret (e.g., the new decryption key) to all current and authorized members of the 
group. This approach has at least two drawbacks. It is computationally expensive, 

15 potentially involving up to 0(n) public key operations for every re-key attempt. It also 
typically requires the buffering or dropping of content packets during the delivery of 
the new key. 

Hence, new approaches to securely managing groups that avoid the 
disadvantages of the prior art are desired. 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

The features and advantages of the present invention will become apparent from 
the following detailed description of the present invention in which: 

Figure 1 is a diagram of a group management and content protection system 
25 according to an embodiment of the present invention; 

Figure 2 is a flow diagram illustrating register group member processing 
according to an embodiment of the present invention; 

Figure 3 is a flow diagram illustrating join processing according to an 
embodiment of the present invention; 
30 Figure 4 is a flow diagram illustrating application message processing according 

to an embodiment of the present invention; 
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Figure 5 is a flow diagram illiistrating leave processing according to an 
embodiment of the present invention; and „ 

Figure 6 is a diagram illustrating an exemplary system used by a content 
distributor or a content user according to an embodiment of the present invention. 

5 

DETAILED DESCRIPTION 

An embodiment of the present invention is a method and apparatus for 
managing group membership in broadcast and multicast content distribution systems. 

10 The present invention provides for security in group commimications where a single 
source is broadcasting or multicasting to multiple destination points on a network such 
as the Intemet. An embodiment of the present invention comprises a local agent 
resident on a user system, an authorization token, and a trusted group manager (TGM) 
representing a content distributor. The local agent may be tamper resistant code 

15 providing support for key agreement, decryption, and message authentication functions. 
The authorization token describes which agents are active and available to decrypt 
digital content. In one embodiment, the digital content may be decrypted and accessed 
on a per packet basis. In other embodiments, other units of digital content may be 
processed according to the present invention. The TGM establishes a session key with 

20 a group of local agents and generates authorization tokens. In one embodiment, the 
local agent adds and removes itself from a content distribution session (and associated 
group) based on a series of protocols that do not require a "re-key" for an encrypted 
content stream being broadcast or multicast by a content distributor. The protocols 
include operations for registering with a group, joining a group, and leaving a group. 

25 The protocol details depend on the nature of the authorization code. In one 
embodiment, the authorization token includes a list of all active agents. 

Reference in the specification to "one embodiment" or "an embodiment" of the 
present invention means that a particular feature, structure or characteristic described in 
connection with the embodiment is included in at least one embodiment of the present 

30 invention. Thus, the appearances of the phrase "in one embodiment" appearing in 
various places throughout the specification are not necessarily all referring to the same 
embodiment. 
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A content creator is an entity that authors digital content. The content creator 
generates the digital content data, which may be stored in a file within a storage 
medinm on a computer system or other digital processing system and subsequently 
broadcast or multicast to a plurality of content users over a network. For example, a 
5 content creator may record and mix music in a recording studio, or film a movie, and 
then store the created content in a digital form for future transmission or distribution. 
In another example, the content may be a corporate presentation to employees, 
shareholders, customers, etc. The content may be any multimedia content in a digital 
form, such as audio, video, images, text, music, movies, books, or other data. The 

10 content may be sent to one or more users in a continuous stream of content data. The 
format of the content may vary widely depending on the type of content. It is assumed 
that the content is created in a trusted environment. 

A content distributor system is an entity that sells or distributes the content over 
a communications medium such as the Intemet or other network. The content 

15 distributor system may be controlled by the content owner or may be an authorized 
independent distributor or reseller of the content. The content distributor system may 
be implemented and managed by a broadcaster or multicaster. Where the content is 
digitized music, the content distributor system may represent a music or record 
company that owns rights to the music or an authorized distributor, such as an on-line 

20 retailer. Where the content is digitized film, the content distributor system may 
represent a movie company that owns the rights to the movie or an authorized 
distributor such as a broadcasting network. The content distributor system may use one 
or more server systems to distribute the content to one or more users on demand. 

Figure 1 is a diagram of a group management and content protection system 

25 according to an embodiment of the present invention. A content user system 10 is an 
entity that obtains and consumes content distributed by a content distributor system 12. 
The content user represents any party seeking to process digital content provided -by 
content distributor system 12, including individual end users, businesses, and other 
organizations. Content user system 10 operates as a client in a client/server operating 

30 model in conjunction with a server (not shown) operated by content distributor system 
12. The content user system sends requests for resources (e.g., Web pages, content) 
and responses to earlier queries 14 to the contmt distributor system over a network 16 
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(such as the Internet) and receives data in response to the requests. Network 16 may be 
any network or series of interconnected networks capable of transporting digital content 
from the content distributor system to one or more content user systems. For example, 
network 16 may be a local area network (LAN), a wide area network (WAN), the 
5 Internet, a wireless network, or a terrestrial broadcast network such as a satellite 
conmiunications network. In one embodiment, the content user system 10 comprises at 
least one of a personal computer (PC) system, an Intemet appliance, a set-top box, a 
handheld computer, a personal digital assistant (PDA), or other computing device. In a 
multicast or broadcast environment, there may be many content user systems receiving 

10 content from a single content distributor system. 

According to embodiments of the present invention, the content user system 
includes components resident therein to control secure reception and playback of 
content received from content distributor system 12. The content user system evaluates 
content requirements for authorized playback and system characteristics to determine if 

15 the content user system and its components may be trusted. The content user system 
includes one or more unique, trusted software components that represent the interests of 
the content creator or content distributor. This software component, called an agent, 
acts a custodian of the content creator's interests. In one embodiment, the agent 20 
establishes itself as trusted via known tamper-resistant technologies and continuous 

20 integrity checking. It then extends the perimeter of trust by continuously checking the 
integrity of other software components such as player 22. Because of this, attempts to 
tamper with the player or the agent may be detected by the agent 20, and fiirther 
playback of content by player 22 may be halted. In another embodiment, the agent may 
operate in an isolated execution mode that provides a measure of security to deter 

25 tampering with the agent. In other embodiments, other methods for protecting the 
agent from tampering may be employed. 

The agent validates- and enforces the conditions that must be fiilfiUed before the 
content can be consumed or rendered. These conditions can be anything that the 
content distributor chooses, consistent with the goal of balancing the protection of the 

30 content distributor's rights and the desire to give the content user a satisfying 
experience in obtaining and rendering the content. For example, the agent might check 
the content user system 10 for an electronic copy of a purchase receipt or verify a 
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player identifier (ID) or user password. There may be many conditions an agent might 
verify on the content user system before allowing decryption and rendering of content 
to occur. After the agent has determined that the legitimate conditions for content 
usage have been met, the agent decrypts the content so the content may be rendered by 
5 the player. In one embodiment, decryption of the content may be allowed only if the 
agent is an authorized member of a group associated with a content stream. To reduce 
the incentive for hacking attempts and to minimize the amount of content that is 
protected by the same security mechanism, the agent may in some embodiments be 
repeatedly renewed. 

10 Thus, agent 20 interacts with player 22, acting as a controller to determine if 

and when the content that is received from the content distributor may be rendered. 
Player 22 may be any software component or application for processing of digital 
content. Processing may include storing, transferring, displaying, or otherwise 
rendering the content. Player 22 may employ various other software components and 

15 plug-ins (not shown) in order to process the content, including codecs to decode and 
decompress the decrypted content. 

The agent controls the player's access to the content according to control 
messages 24 received by the agent from the content distributor system via the network. 
The control messages may or may not be included in a content stream 26. The content 

20 stream primarily comprises requested content. However, these two data flows are 
shown separately in Figure 1 for reasons of clarity. Trusted group manager (TGM) 28 
may be a component within a content distributor system that handles processing for 
registering, joining and leaving a group for a particular content stream. 

Before access to a particular content stream is allowed, a content user system 

25 registers as a possible group member for the content stream with the TGM. That is, the 
agent registers itself with the TGM, or another software component resident on the 
content user system registers the agent with the TGM. In some embodiments, the agent 
does not initiate or control the registration protocol, but another software component 
(not shown) on the content user system that interacts with the user, the agent, and the 

30 TGM may control the registration process. This client-side software component may 
begin the protocol after the user selects a particular content stream he or she is 
interested in joining. The client-side software component may then retrieve a content 
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Stream identifier, a transaction identifier associated with the upcoming .usage of the 
content stream, and the agent's credentials. An agent identifier may be included in the 
agent's credentials. The transaction identifier allows the TGM to determine if the user 
has the right to access the content stream. This abstraction allows for the idea that 
5 some commerce-like event has occurred. The agent credentials let the TGM determine 
if the agent is capable of controlling access to the content stream. If it detennines that 
the agent is not capable, the TGM may provide an updated agent to the content user 
system. 

Figure 2 is a flow diagram illustrating register group member processing 

10 according to an embodiment of the present invention. At block 50, the agent or the 
client-side software component, depending on the embodiment, sends the agent's 
credentials, an identifier (ID) of the selected content stream, and an agent identifier in a 
request message 14 to the TGM. At block 52, the TGM verifies the agent's credentials 
received in the request message. Some authentication indicators included in the 

15 credential may be the source of the agent, freshness or age of the agent, capabilities of 
the agent, and so on. At block 54, the TGM verifies the agent and the content stream. 
This verification may include checking billing information associated with the agent's 
user, ensuring that the content stream ID is valid and scheduled for broadcast or 
multicast, and other checks. 

20 At block 56, the TGM generates a registration token for the agent and the 

selected content stream. In one embodiment, the registration token comprises an initial 
nonce, the content stream ID (which is preferably is unique) for the content requested 
by the agent, and a session key. In one embodiment, the nonce may be a counter that 
allows the TGM to track what privileges are being granted to the agent. The nonce 

25 may be a unique string of values to identify a particular transaction. The session key 
may be a cryptographic key used by the agent to decrypt received content that has been 
encrypted by the content distributor system according to well-known methods in either 
symmetric key or asymmetric key cryptography. The session key may be associated 
with a particular, group of users being allowed access to a particular content stream. 

30 The user of the content user system may know the content stream ID, but the session 
key should be hidden from the user by encrypting the initial nonce and the session key 
within the registration token. In one embodiment, the key to decrypt the initial nonce 
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and the session key may be included in the registration token to be decrypted by logic 
within the tamper resistant agent. At block 58, the TGM sends the registration token to 
the agent in a control message 24. 

Thus, the registration function establishes a session key between the TGM and 
5 the agent of the user for a particular content stream. The session 'key may be identical 
for all group members for the group associated with the content stream and may be 
used to decrypt application messages sent by the TGM to the group members. Before 
providing the session key, the TGM authenticates the agent's credentials to verify it is 
trusted not to divulge the session key to anyone, including the user. The registration 

1 0 function may be performed at any time prior to joining a group. 

Once a user is registered for a group, the user must join the group in order to 
receive access to the content stream. The join function notifies the TGM that the user 
wishes to join the content streaming session at the current time. The TGM, upon 
verifying that the user is registered, adds the user's agent to an authorized agent list for 

15 the selected content stream. Figure 3 is a flow diagram illustrating join processing 
according to an embodiment of the present invention. At block 70, the agent sends a 
join message to the TGM. In one embodiment, the join message comprises an ID of the 
requesting user, the content stream ID, and a cryptographic hash of a join command or 
keyword, the user ID, the nonce received during registration processing, and the 

20 content stream ID. In one embodiment, the user ID and the content stream ID may be 
sent in the clear to the TGM. At block 72, the TGM verifies the join message 
parameters according to information known by the TGM. Given the user ID and the 
content stream ID, the TGM can recover the nonce created during registration 
processing for this user from a database or other storage accessible to the TGM. With 

25 the nonce, the TGM can recreate the join message and validate the contents of the 
message. In this embodiment, the nonce should be kept secret. In other embodiments 
where the session key is included, the nonce may not need to be kept secret. If the 
received and recreated join messages match, at block 74 the TGM adds the user's agent 
identifier to an authorized agents list for the selected content stream. 

30 Once the user has joined the group having access to the content stream, the 

TGM can now send control messages to the user's agent. The control message may be 
included in packets within the content stream. The TGM broadcasts or multicasts 
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packets to group members and possibly others who are not currently valid group 
members. There may be two types of packets communicated over the network. The 
first packet type comprises a content stream packet. A content stream packet comprises 
a message ID and a message. The message comprises the content. The content stream 
5 packet is encrypted by the TGM with the session key communicated to the agent during 
registration processing. The second type of packet comprises a control packet. In one 
embodiment, a control packet comprises two components. The first component may be 
a cryptographic hash of the session key, the authorization token, and the session key. 
The second component may be the authorization token. In one embodiment, the hash 

10 comprises a relatively small number of bits, such as approximately 128 bits or 160 bits. 
The authorization token comprises at least the message ID and the authorized agents 
list. Thus the authorization token is bound to the content stream packet. The 
authorized agents list comprises a data structure comprising the IDs of the currently 
active or authorized agents. 

15 When the agent receives a stream of packets from the TGM, the agent reads the 

packets and determines what to do with them. Figure 4 is a flow diagi'am illustrating 
application message processing according to an embodiment of the present invention. 
Upon receiving a control packet and a corresponding content packet at block 90, the 
agent then performs a series of verifications. At block 92, the agent verifies the 

20 authorization token received in the control packet by computing the hash of the token 
and the session key. To compute the hash the agent uses the authorization token 
received in the control packet and the session key received during registration 
processing. If the recomputed hash matches the hash in the control packet, then at 
block 94 the agent determines if the message ID from the content packet matches the 

25 message ID in the authorization token in the control packet. If they match, the control 
packet corresponds to the content packet. In some embodiments, the agent may decrypt 
the message ID, if necessary, using the session key. Next, at block 96 the agent 
determines if the authorized agents list in the authorization token fi^om the control 
packet includes the ID of the agent. If any of the above checks fail, then further error 

30 processing may be performed, such as the termination of the agent and the player. If all 
of the above checks are successful, the agent at block 98 decrypts the message in the 
content packet using the session key to obtain the content. The content in the message 
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may then be processed by the player, such as by rendering, storage, display, or further 
transmission of the content. 

The process of receiving control and content packets may be repeated for all or 
some of the packets in the content stream. At some point, a user may desire to 
5 terminate participation in the session. This termination may even be before the 
scheduled end of the session. To leave an active session, the agent sends a leave 
message to the TGM. Figure 5 is a flow diagram illustrating leave processing 
according to an embodiment of the present invention. At block 100, the agent or 
another client-side software component generates and sends a leave message to the 

10 TGM. In one embodiment, the leave message comprises a hash of a leave command or 
keyword, the ID of the user, the nonce received dxiring registration, a transaction ID, 
and the content stream ID. The leave message may also include the content stream ID 
(unencrypted). At block 102, the TGM verifies the parameters of the leave message. 
For example, the TGM may use the nonce to validate that the leave message came fi-om 

15 a previously registered user. At block 104, the TGM deletes the agent associated with 
the user ID from the authorized agents list for the content stream identified by the 
content stream ID if the leave parameters are valid. Subsequently, the user's agent will 
not be able to decrypt the content packets for the content stream because the agent will 
not be included in the authorized agents list-within the authorization token. 

20 Hence, the present invention allows a trusted group manager (TGM) to manage 

groups for communications of digital content. The TGM has control over who is 
currently an authorized user for a particular session of streaming content over a 
network without re-keying all group members. With the present invention, re-key 
operations are no longer required for the purpose of managing group membership, but 

25 may be used only if the xmderlying cryptographic cipher needs re-keying to maintain 
adequate security. The present system is more flexible than prior approaches and 
provides application level security. Registration of a user may occur far in advance of 
the actual content streaming session. The present invention provides strong forward 
and backward security. Backward security relates to preventing a user who joins the 

30 session at a particular point in time firom accessing past content streamed before the 
point in time. Forward security relates to preventing a user who leaves a session at a 



10 



wo 02/01799 



PCT/USOl/20181 



point in time from continuing to access subsequently streamed content after that point 
in time. 

In other embodiments, other authorization protocols may be employed to 
improve the scalability of the present invention. For example, a system designer may 
5 use chaining between authorization tokens to describe only the differences of 
authorized agents lists, between packets. A system designer may use a hierarchical 
model that employs trusted local agent intermediaries to manage authorization tokens 
"locally" (e.g., for a LAN). A system designer may use an exclusion Kst to provide 
only forward secrecy depending on system requirements. 

10 In another variation, the join protocol may be augmented to provide only 

backwards secrecy by requiring the local agent to only decrypt new packets. This may 
avoid the need for per packet authorization tokens. In this embodiment, the TGM 
generates an authorization packet for the agent. The authorization packet comprises of 
a hash and an authorization token. The authorization token comprises a message 

15 having a message ID and an agent ID. The hash is a result of hashing the session key, 
authorization token, and the session key. Upon receiving the authorization packet, the 
agent checks the validity of the authorization token by recreating the hash and verifying 
that it matches the hash in the authorization packet. 

Upon receiving any content packet, the agent uses a function F which, given the 

20 content message ID and the message ID in the authorization token, retums a Boolean 
answer to whether or not the agent can decrypt the content packet. One embodiment of 
function F may compare the two IDs and if the content message ID is greater than the 
authorization token message ID, then F retums TRUE and the agent decrypts the 
content packet. 

25 In other embodiments, instead of generating multiple hashes, several of the 

messages may be encrypted (e.g., the TGM encrypts the authorization packet using a 
derivative of the session key; for example, the TGM applies a function G to the session 
key s to generate a new key s' which is used to encrypt the authorization packet 
s'=G(s)). 

30 In the preceding description, various aspects of the present invention have been 

described. For purposes of explanation, specific numbers, systems and configurations 
were set forth in order to provide a thorough understanding of the present invention. 
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However, it is apparent to one skilled in the art having the benefit of this disclosure that 
the present invention may be practiced without the specific details. In other instances, 
well-known features were omitted or simplified in order not to obscxare the present 
invention. 

5 Embodiments of the present invention may be implemented in hardware or 

software, or a combination of both. However, embodiments of the invention may be 
implemented as computer programs executing on programmable systems comprising at 
least one processor, a data storage system (including volatile and non-volatile memory 
and/or storage elements), at least one input device, and at least one output device. 

10 Program code may be applied to input data to perform the fianctions described herein 
and generate output information. The output information may be applied to one or 
more output devices, in known fashion. For purposes of this application, a processing 
system embodying the group management fimctions includes any system that has a 
processor, such as, for example, a digital signal processor (DSP), a microcontroller, an 

15 application specific integrated circuit (ASIC), or a microprocessor. 

The programs may be implemented in a high level procedural or object oriented 
programming language to communicate with a processing system. The programs may 
also be implemented in assembly or machine language, if desired. In fact, the invention 
is not limited in scope to any particular programming language. In any case, the 

20 language may be a compiled or interpreted language. 

The programs may be stored on a removable storage media or device (e.g., 
floppy disk drive, read only memory (ROM), CD-ROM device, flash memory device, 
digital versatile disk (DVD), or other storage device) readable by a general or special 
purpose programmable processing system, for configuring and operating the processing 

25 system when the storage media or device is read by the processing system to perform 
the procedures described herein. Embodiments of the invention may also be considered 
to be implemented as a machine-readable storage medium, configured for use with a 
pi*ocessing system, where the storage medium so configured causes the processing 
system to operate in a specific and predefined manner to perform the fimctions 

30 described herein. 

An example of one such type of processing system is shown in Figure 6, 
however, other systems may also be used and not all components of the system shown 
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are required for the present invention. Sample system 400 may be used, for example, to 
execute the processing for embodiments of the key hierarchy and content protection 
system, in accordance with the present invention, such as the embodiment described 
herein. Sample system 400 is representative of processing systems based on the 
5 PENTIUM®!!, PENTIUM® !!!, and CELERONTtm microprocessors available from 
Intel Corporation, although other systems (including personal computers (PCs) having 
other microprocessors, engineering workstations, other set-top boxes, and the like) and 
architectures may also be used. 

Figure 6 is a block diagram of a system 400 of one embodiment of the present 

10 invention. The system 400 includes a processor 402 that processes data signals. 
Processor 402 may be coupled to a processor bus 404 that transmits data signals 
between processor 402 and other components in the system 400. 

System 400 includes a memory 406. Memory 406 may store instructions and/or 
data represented by data signals that may be executed by processor 402. The 

15 instructions and/or data may comprise code for performing any and/or all of the 
techniques of the present invention. Memory 406 may also contain additional software 
and/or data (not shown). A cache memory 408 may reside inside processor 402 that 
stores data signals stored in memory 406/ 

A bridge/memory controller 410 may be coupled to the processor bus 404 and 

20 memory 406. The bridge/memory controller 410 directs data signals between processor 
402, memory 406, and other components in the system 400 and bridges the data signals 
between processor bus 404, memory 406, and a first input/output (I/O) bus 412. In this 
embodiment, graphics controller 413 interfaces to a display device (not shown) for 
displaying images rendered or otherwise processed by the graphics controller 413 to a 

25 user. 

First I/O bus 412 may comprise a single bus or a combination of multiple buses. 
First I/O bus 412 provides communication links between components in system 400. A 
network controller 414 may be coupled to the first I/O bus 412. In some embodiments, 
a display device controller 416 may be coupled to the first I/O bus 412. The display 
30 device controller 416 allows coupling of a display device to system 400 and acts as an 
interface between a display device (not shown) and the system. The display device 
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receives data signals from processor 402 through display device controller 416 and 
displays information contained in the data signals to a user of system 400. 

A second I/O bus 420 may comprise a single bus or a combination of multiple 
buses. The second I/O bus 420 provides communication links between components in 
5 system 400. A data storage device 422 may be coupled to the second I/O bus 420. A 
keyboard interface 424 may be coupled to the second I/O bus 420. A user input 
interface 425 may be coupled to the second I/O bus 420. The user input interface may 
be coupled to a user input device, such as a remote control, mouse, joystick, or 
trackball, for example, to provide input data to the computer system. An audio 

10 controller 427 may be coupled to the second I/O bus for handling processing of audio 
signals through one or more loudspeakers (not shown). A bus bridge 428 couples first 
I/O bridge 412 to second I/O bridge 420. 

Embodiments of the present invention are related to the use of the system 400 as 
a content distributor or content user system. According to one embodiment, such 

15 processing may be performed by the system 400 in response to processor 402 executing 
sequences of instructions in memory 404. Such instructions may be read into memory 
404 from another computer-readable medium, such as data storage device 422, or from 
another source via the network controller 414, for example. Execution of the sequences 
of instructions causes processor 402 to execute group management and content 

20 protection processing according to embodiments of the present invention. In an 
alternative embodiment, hardware circuitry may be used in place of or in combination 
with software instructions to implement embodiments of the present invention. Thus, 
the present invention is not limited to any specific combination of hardware circuitry 
and software. 

25 The elements of system 400 perform their conventional fiinctions in a manner 

well known in the art. In particular, data storage device 422 may be used to provide 
long-term storage for the executable instractions and data structures for embodiments 
of the group management and content protection system in accordance with the present 
invention, whereas memory 406 is used to store on a shorter term basis the executable 

30 instructions of embodiments of the group management and content protection system in 
accordance with the present invention during execution by processor 402. 
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While this invention has been described with reference to illustrative 
embodiments, this description is not intended to be construed in a limiting sense. 
Various modifications of the illustrative embodiments, as well as other embodiments of 
the invention, which are apparent to persons skilled in the art to which the inventions 
5 pertains are deemed to lie within the spirit and scope of the invention. 
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CLAIMS 

What is claimed is: 

5 1 . A method of securely managing membership in a group of authorized 

users, the group being associated with a session for receiving a content stream 
comprising: 

registering an agent representing a user with a trusted group manager of a 
distributor of the content stream; and 
10 joining, by the agent, as a member of the group for authorized access to the 

content stream. 

2. The method of claim 1, further comprising receiving packets of the 
content stream by the agent and processing the packets by the agent to access the 
content when the agent is a member of the group. 

15 3. The method of claim 2, wherein packets of the content stream are 

encrypted with a first key by the distributor prior to communication to group members 
and further comprising decrypting packets of the content stream to obtain the content 
by the agent after joining the group, without encrypting the content stream by the 
distributor with a second key different than the first key. 

20 4. The method of claim 1, wherein the agent comprises tamper resistant 

software. 

5. The method of claim 1, further comprising the agent leaving the group 
thereby preventing subsequent access to content of the content stream by the agent. 

6. The method of claim 5, wherein packets of the content stream are 
25 encrypted with a first key by the distributor prior to the communication to group 

members and further comprising decrypting packets of the content stream to obtain the 
content by other group members after the agent leaves the group, without encrypting 
the content stream by the distributor with a second key different than the first key. 
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7. The method of claim 2, wherein the packets comprise at least one 
content packet and at least one control packet, the at least one content packet 
comprising the content in encrypted form, and the at least one control packet 
comprising an authorization token including at least a list of identifiers of authorized 

5 agents, the list including an identifier of the agent. 

8. The method of claim 7, wherein processing the packets comprises 
verifying integrity of the authorization token, verifying that the agent's identifier is in 
the authorized agents list, and decrypting the content in the at least one content packet 
using a session key when the integrity of the authorization token is verified and the 

10 agent identifier is in the authorized agents list. 

9. The method of claim 8, wherein the at least one content packet 
comprises a first message identifier, the authorization token in the at least one control 
packet comprises a second message identifier, and wherein processing the packets 
further comprises matching the at least one content packet to the at least one control 

15 packet by verifying that the first message identifier matches the second message 
identifier. 

1 0. The method of claim 1 , wherein registering the agent comprises: 
sending agent information to the trusted group manager; 

verifying the agent information; 
20 generating a registration token, the registration token including at least one of a 

nonce, a content stream identifier, and a session key used for decryption of the content; 
and 

sending the registration token to the agent. 

11. The method of claim 10, wherein the agent information comprises at 
25 least one of the agent's credentials, the content stream identifier, and the identifier of 

the agent. 

12. The method of claim 1, wherein joining the group comprises adding an 
identifier of the agent to an authorized agents list. 
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13. The method of claim 5, wherein leaving the group comprises deleting an 
identifier of the agent from an authorized agents list, 

14. An article comprising: a storage medium having a plurality of machine 
readable instructions, wherein when the instructions are executed by a processor, the 

5 instructions provide for securely managing membership in a group of authorized users, 
the group being associated with a session for receiving a content stream, the 
instructions for registering an agent representing a user with a trusted group manager of 
a distributor of the content stream; and joining, by the agent, as a member of the group 
for authorized access to the content stream. 

10 15. The article of claim 14, fiirther comprising instructions for receiving 

packets of the content stream by the agent and instructions for processing the packets 
by the agent to access the content when the agent is a member of the group. 

16. The article of claim 15, wherein packets of the content stream are 
encrypted with a first key by the distributor prior to communication to group members 

15 and further comprising instructions for decrypting packets of the content stream to 
obtain the content by the agent after joining the group, without encrypting the content 
stream by the distributor with a second key different than the first key. 

17. The article of claim 14, wherein the agent comprises tamper resistant 
software. 

20 18. The article of claim 14, further comprising the agent leaving the group 

thereby preventing subsequent access to content of the content stream by the agent. 

19. The article of claim 18, wherein packets of the content stream are 
encrypted with a first key by the distributor prior to the communication to group 
members and further comprising instructions for decrypting packets of the content 
25 stream to obtain the content by other group members after the agent leaves the group, 
without encrypting the content stream by the distributor with a second key different 
than the first key. 



18 



wo 02/01799 



PCT/USOl/20181 



20. The article of claim 15, wherein the packets comprise at least one 
content packet and at least one control packet, the at least one content packet 
comprising the content in encrypted form, and the at least one control packet 
comprising an authorization token including at least a list of identifiers of authorized 

5 agents, the list including an identifier of the agent. 

21. The article of claim 20, wherein instructions for processing the packets 
comprise instructions for verifying integrity of the authorization token, verifying that 
the agent's identifier is in the authorized agents list, and decrypting the content in the at 
least one content packet using a session key when the integrity of the authorization 

1 0 token is verified and the agent identifier is in the authorized agents list. 

22. The article of claim 21, wherein the at least one content packet 
comprises a first message identifier, the authorization token in the at least one control 
packet comprises a second message identifier, and wherein instructions for processing 
the packets fiirther comprise instructions for matching the at least one content packet to 

15 the at least one control packet by verifying that the first message identifier matches the 
second message identifier. 

23. The article of claim 14, wherein instmctions for registering the agent 
comprise instructions for: sending agent information to the trusted group manager; 
verifying the agent information; generating a registration token, the registration token 

20 including at least one of a nonce, a content stream identifier, and a session key used for 
decryption of the content; and sending the registration token to the agent. 

24. The article of claim 23, wherein the agent information comprises at least 
one of the agent's credentials, the content stream identifier, and the identifier of the 
agent. 

25 25. The article of claim 14, wherein instructions for joining the group 

comprise instructions for adding an identifier of the agent to an authorized agents list. 

26. The article of claim 18, wherein instructions for leaving the group comprise 
instructions for deleting an identifier of the agent firom an authorized agents list. 
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27. A system for securely managing membership in a group of authorized 
users, the group being associated with a session for receiving a content stream over a 
network, the system comprising: 

a trusted group manager coupled to the network to manage a list of agents 
5 authorized for access to the content stream and to distribute the content stream to group 
members; and 

at least one agent coupled to the network to register the agent representing a 
user with the trusted group manager, to join as a member of the group for authorized 
access to the content stream, and to receive and decrypt packets of the content stream 
10 when the agent is in the list of authorized agents. 

28. The system of claim 27, further comprising a player application coupled 
to the agent to render the decrypted packets of the content stream. 

29. The system of claim 27, wherein the at least one agent receives packets 
of the content stream and processes the packets to access the content when the agent is 

15 a member of the group. 

30. The system of claim 29, wherein the trusted group manager encrypts 
packets of the content stream with a first key prior to communication to group members 
and the agent decrypts packets of the content stream to obtain the content after joining 
the group, without the trusted group manager encrypting the content stream with a 

20 second key different than the first key. 

3 1 . The system of claim 27, wherein the at least one agent comprises tamper 
resistant software. 

32. The system of claim 27, wherein the at least one agent leaves the group 
thereby preventing subsequent access to content of the content stream by the at least 

25 one agent. 

33. The system of claim 32, wherein the trusted group manager-encrypts 
packets of the content stream with a first key prior to the communication to group 
members and other group members decrypt packets of the content stream to obtain the 
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content after the at least one agent leaves the group, without the trusted group manager 
encrypting the content stream with a second key different than the first key. 

34. The system of claim 28, wherein the packets comprise at least one 
content packet and at least one control packet, the at least one content packet 

5 comprising the content in encrypted form, and the at least one control packet 
comprising an authorization token including at least a list of identifiers of authorized 
agents, the list including an identifier of the agent. 

35. The system of claim 34, wherein the at least one agent processes the 
packets to verify integrity of the authorization token, to verify that the at least one 

10 agent's identifier is in the authorized agents list, and to decrypt the content in the at 
least one content packet using a session key when the integrity of the authorization 
token is verified and the at least one agent's identifier is in the authorized agents list. 

36. The system of claim 35, wherein the at least one content packet 
comprises a first message identifier, the authorization token in the at least one control 

15 packet comprises a second message identifier, and wherein the at least one agent 
processes the packets to match the at least one content packet to the at least one control 
packet by verifying that the first message identifier matches the second message 
identifier. 
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